YouTube can no longer be reached: "Error: Server not found" (Windows 7)
16.09.2011, 17:37 | #1
Hello, since today I cannot get to YouTube with any browser (FF 6.0.2, Opera). Every time, the error message "Error: Server not found" appears. All other websites seem to work. I am using Windows 7 (32-bit). Here is the OTL file:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 16.09.2011 18:07:56 - Run 3 OTL by OldTimer - Version 3.2.28.0 Folder = D:\Users\Alex\Desktop\trojanerboard An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,59% Memory free 4,00 Gb Paging File | 2,94 Gb Available in Paging File | 73,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive D: | 232,88 Gb Total Space | 135,96 Gb Free Space | 58,38% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\Alex\Desktop\trojanerboard\OTL.exe (OldTimer Tools) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - D:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - D:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - D:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - D:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - D:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - D:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - D:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - D:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe 
(Logitech, Inc.) PRC - D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - D:\Programme\Launchy\Launchy.exe () PRC - D:\Programme\NetMeter\NetMeter.exe () ========== Modules (No Company Name) ========== MOD - D:\Programme\Mozilla Firefox\mozjs.dll () MOD - D:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - D:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - D:\Programme\Notepad++\NppShell_04.dll () MOD - D:\Programme\Launchy\plugins\calcy.dll () MOD - D:\Programme\Launchy\plugins\gcalc.dll () MOD - D:\Programme\Launchy\plugins\runner.dll () MOD - D:\Programme\Launchy\plugins\weby.dll () MOD - D:\Programme\Launchy\Launchy.exe () MOD - D:\Programme\Launchy\plugins\verby.dll () MOD - D:\Programme\Launchy\plugins\controly.dll () MOD - D:\Programme\Launchy\imageformats\qmng4.dll () MOD - D:\Programme\Launchy\QtGui4.dll () MOD - D:\Programme\Launchy\QtNetwork4.dll () MOD - D:\Programme\Launchy\QtCore4.dll () MOD - D:\Programme\NetMeter\NetMeter.exe () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (avast! Antivirus) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (nvUpdatusService) -- D:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- D:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (LBTServ) -- D:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (DAUpdaterSvc) -- D:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- D:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- D:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- D:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- D:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- D:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- D:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SbieDrv) -- D:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (vmbus) -- D:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- D:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- D:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (VMBusHID) -- D:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- D:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (LMouKE) -- D:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (LMouFilt) -- D:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- D:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042mou) -- D:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.) 
DRV - (L8042Kbd) -- D:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (yukonw7) -- D:\Windows\System32\drivers\yk62x86.sys () DRV - (tandpl) -- D:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- D:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 77 63 54 75 74 CC 01 [binary data] IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: treestyletab@piro.sakura.ne.jp:0.11.2011021901 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - 
prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.16 14:35:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 18:05:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.06.05 19:17:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.07.31 15:38:07 | 000,000,000 | ---D | M] FF 
- HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.05.03 14:05:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Extensions [2011.05.03 14:05:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.02 15:25:55 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions [2011.08.19 13:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.09.02 15:25:55 | 000,000,000 | ---D | M] (Ghostery) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\firefox@ghostery.com [2011.08.17 12:19:07 | 000,000,000 | ---D | M] (Cooliris) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\piclens@cooliris.com [2011.06.18 14:08:21 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions [2011.06.05 19:17:54 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.06.18 14:08:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI () (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- 
D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\TREESTYLETAB@PIRO.SAKURA.NE.JP.XPI [2011.09.07 18:05:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- D:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.16 17:18:14 | 000,000,000 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Programme\NetMeter\NetMeter.exe () O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1001..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: D:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Maus- und Tastatureinstellungen.lnk = D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED1F7C9-39F2-436B-AD0D-2AF7254C989C}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) -D:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - d:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8d78a650-9433-11e0-ad9a-001a4d40eb99}\Shell - "" = AutoRun O33 - MountPoints2\{8d78a650-9433-11e0-ad9a-001a4d40eb99}\Shell\AutoRun\command - "" = F:\DS1.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
D:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - D:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.09.16 17:42:02 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\trojanerboard [2011.09.09 12:15:09 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\vlc [2011.09.09 12:14:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.09.09 12:14:00 | 000,000,000 | ---D | C] -- D:\Program Files\VideoLAN [2011.09.09 11:35:58 | 000,000,000 | ---D | C] -- D:\Users\Alex\dwhelper [2011.08.28 19:45:18 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\Slot_71 [2011.08.28 19:44:01 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\gff4editor-0.5.4 [2011.08.24 
12:04:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll [2011.08.22 12:47:09 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Local\Electronic Arts [2011.08.22 12:47:01 | 000,000,000 | ---D | C] -- D:\Users\Alex\Documents\Electronic Arts [2011.08.22 12:44:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.08.22 12:27:48 | 000,000,000 | ---D | C] -- D:\Program Files\Electronic Arts [2011.08.22 12:19:52 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\Launchy [2011.08.22 12:19:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launchy [2011.08.22 12:19:32 | 000,000,000 | ---D | C] -- D:\Program Files\Launchy [2011.08.18 12:40:44 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\Opera [2011.08.18 12:40:44 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Local\Opera [2011.08.18 12:40:39 | 000,000,000 | ---D | C] -- D:\Program Files\Opera [2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.16 17:54:12 | 000,016,704 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.16 17:54:12 | 000,016,704 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.16 17:46:52 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2011.09.16 17:46:48 | 1609,424,896 | -HS- | M] () -- D:\hiberfil.sys [2011.09.16 17:43:16 | 000,000,156 | ---- | M] () -- D:\Users\Alex\defogger_reenable [2011.09.16 17:18:14 | 000,000,000 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts [2011.09.15 12:17:11 | 000,036,236 | ---- | M] () -- D:\Users\Alex\Desktop\Werften von Antiga (4).SC2Replay [2011.09.14 13:46:59 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2011.09.14 13:46:59 | 000,615,810 | ---- | M] () -- 
D:\Windows\System32\perfh009.dat [2011.09.14 13:46:59 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2011.09.14 13:46:59 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2011.08.29 16:09:42 | 000,003,584 | ---- | M] () -- D:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.28 19:53:01 | 000,001,645 | ---- | M] () -- D:\Users\Alex\Desktop\Angel_console_fix_fonts_er-1110.zip [2011.08.28 19:43:29 | 018,668,802 | ---- | M] () -- D:\Users\Alex\Desktop\gff4editor-0.5.4.zip [2011.08.22 12:19:33 | 000,000,971 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.16 17:43:15 | 000,000,156 | ---- | C] () -- D:\Users\Alex\defogger_reenable [2011.09.15 12:17:09 | 000,036,236 | ---- | C] () -- D:\Users\Alex\Desktop\Werften von Antiga (4).SC2Replay [2011.08.29 16:09:42 | 000,003,584 | ---- | C] () -- D:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.28 19:52:59 | 000,001,645 | ---- | C] () -- D:\Users\Alex\Desktop\Angel_console_fix_fonts_er-1110.zip [2011.08.28 19:42:19 | 018,668,802 | ---- | C] () -- D:\Users\Alex\Desktop\gff4editor-0.5.4.zip [2011.08.24 16:08:15 | 002,344,694 | ---- | C] () -- D:\Users\Alex\Desktop\BILD1260.JPG [2011.08.22 12:19:33 | 000,000,971 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2011.08.18 12:40:41 | 000,001,791 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.08.16 11:36:54 | 000,007,552 | ---- | C] () -- D:\Windows\System32\drivers\enodpl.sys [2011.08.16 11:36:54 | 000,004,736 | ---- | C] () -- D:\Windows\System32\drivers\tandpl.sys [2011.06.24 12:47:44 | 000,000,193 | ---- | C] () -- D:\Windows\hppsapp.INI [2011.05.03 14:54:03 | 000,001,548 | ---- | C] () -- D:\Windows\Sandboxie.ini [2011.04.29 11:47:38 | 000,007,615 | ---- | 
C] () -- D:\Users\Alex\AppData\Local\Resmon.ResmonCfg [2011.04.27 23:03:56 | 000,306,688 | ---- | C] () -- D:\Windows\System32\Lffpx7.dll [2011.04.27 23:03:56 | 000,095,232 | ---- | C] () -- D:\Windows\System32\Lfkodak.dll [2011.04.27 13:43:11 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- D:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.06.11 20:17:51 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\DAEMON Tools Lite [2011.05.06 14:54:22 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\GrabPro [2011.07.24 18:23:37 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\IrfanView [2011.08.22 
12:20:05 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Launchy [2011.04.27 14:39:57 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Leadertech [2011.05.24 17:51:00 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Mp3tag [2011.05.15 20:19:45 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\NetMeter [2011.04.27 14:49:24 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Notepad++ [2011.08.18 12:40:44 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Opera [2011.06.28 16:00:59 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Orbit [2011.04.27 14:50:30 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\ProgSense [2011.05.03 14:05:33 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Thunderbird [2011.05.15 20:19:45 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\TS3Client [2011.09.11 16:47:24 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.08.28 12:00:28 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin [2011.07.16 16:08:18 | 000,000,000 | -HSD | M] -- D:\Boot [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings [2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen [2011.04.27 14:50:30 | 000,000,000 | ---D | M] -- D:\Downloads [2011.04.27 14:30:04 | 000,000,000 | ---D | M] -- D:\NVIDIA [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs [2011.09.09 12:14:00 | 000,000,000 | R--D | M] -- D:\Program Files [2011.06.13 17:36:33 | 000,000,000 | -H-D | M] -- D:\ProgramData [2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Programme [2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Recovery [2011.05.03 14:57:59 | 000,000,000 | R--D | M] -- D:\Sandbox [2011.09.16 17:54:32 | 000,000,000 | -HSD | M] -- D:\System Volume Information [2011.05.03 14:57:18 | 000,000,000 | R--D | M] -- D:\Users [2011.07.16 14:35:46 | 000,000,000 | ---D | M] -- D:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > 
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 10:30:40

< End of report >

Regards

Only just noticed that the gmer logfile wasn't uploaded...

Code:
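An added triage helper for the two log formats in this thread (example code, not part of the post and not code from OTL or GMER). It does two things the logs here invite: it cross-checks each OTL "< MD5 for: X >" block, asking whether the live System32 copy of the binary has the same MD5 as one of the WinSxS component-store copies OTL lists beside it (as is the case for userinit, wininit and winlogon above), and it summarises GMER hook entries like the ones in the log that follows by the driver GMER attributes them to, setting aside the kernel entries that carry no module attribution and grouping user-mode inline JMP hooks by hooked function. The sample lines are quoted from the logs in this thread; the EXAMPLE.EXE block is constructed to show what a failed cross-check looks like.

```python
import re
from collections import Counter, defaultdict

# Added triage helper for the two log formats in this thread; it is not part
# of the post, nor code from OTL or GMER. Sample lines are quoted from the
# logs in the thread; the EXAMPLE.EXE block is constructed to show a failed
# cross-check.
OTL_SAMPLE = r"""
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: EXAMPLE.EXE >
[2011.09.01 00:00:00 | 000,001,024 | ---- | M] () MD5=00000000000000000000000000000000 -- D:\Windows\System32\example.exe
[2011.09.01 00:00:00 | 000,001,024 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- D:\Windows\winsxs\x86_example_constructed\example.exe
"""

GMER_SAMPLE = r"""
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DE42FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E774D8C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E78A398]
Code 95DFFBFC ZwTraceEvent
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E0BBE8 5 Bytes JMP 8E785D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text ntkrnlpa.exe!NtTraceEvent 82CC765A 5 Bytes JMP 95DFFC00
.text D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000301F8
"""

OTL_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
OTL_ENTRY = re.compile(r"^\[[^\]]*\]\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$")
GMER_OWNER = re.compile(r"\\SystemRoot\\System32\\Drivers\\(?P<drv>\S+)\s*\((?P<desc>[^)]*)\)")
GMER_USER = re.compile(r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]+)$")


def check_otl_md5(text):
    """For each '< MD5 for: X >' block, compare the MD5 of the live System32
    copy with the WinSxS component-store copies OTL lists for the same file.
    'match' means the running binary is byte-identical to a store copy."""
    results, name = {}, None
    for line in (l.strip() for l in text.splitlines()):
        h = OTL_HEADER.match(line)
        if h:
            name = h.group("name").lower()
            results[name] = {"system32": None, "winsxs": set(), "status": "incomplete"}
            continue
        e = OTL_ENTRY.match(line)
        if not (e and name):
            continue
        path, md5 = e.group("path").lower(), e.group("md5").upper()
        if "\\winsxs\\" in path:
            results[name]["winsxs"].add(md5)
        elif "\\system32\\" in path:
            results[name]["system32"] = md5
    for r in results.values():
        if r["system32"] and r["winsxs"]:
            r["status"] = "match" if r["system32"] in r["winsxs"] else "mismatch"
    return results


def summarize_gmer(text):
    """Count kernel hooks per driver GMER attributes them to, collect the
    kernel entries it could not attribute to any module, and group user-mode
    inline JMP hooks by hooked function so system-wide injections stand out."""
    by_owner, unattributed, user_hooks = Counter(), [], defaultdict(set)
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        u = GMER_USER.match(line)
        if u:
            user_hooks[u.group("target")].add(u.group("proc"))
            continue
        if line.startswith(("SSDT ", "Code ", "PAGE ", ".text ")):
            o = GMER_OWNER.search(line)
            if o:
                by_owner[o.group("drv").lower()] += 1
            else:
                unattributed.append(line)
    return {"by_owner": dict(by_owner), "unattributed": unattributed,
            "user_hooks": {k: sorted(v) for k, v in user_hooks.items()}}


if __name__ == "__main__":
    for name, r in check_otl_md5(OTL_SAMPLE).items():
        print(f"{name}: {r['status']}")
    g = summarize_gmer(GMER_SAMPLE)
    print("kernel hooks by driver:", g["by_owner"])
    print("kernel hooks without module attribution:", *g["unattributed"], sep="\n  ")
    for target, procs in g["user_hooks"].items():
        print(f"{target} hooked in {len(procs)} process(es)")
```

A "match" from `check_otl_md5` says only that the System32 binary equals a component-store copy; a "mismatch" is a reason to compare against a known-good copy of the same build, not a verdict. Likewise the "unattributed" list from `summarize_gmer` is the reviewer's work list: such entries are checked against the security software installed on the machine (whose unlabeled code regions commonly appear there) before anything is concluded from them.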
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-16 18:28:17
Windows 6.1.7601 Service Pack 1
Running: gmer.exe; Driver: D:\Users\Alex\AppData\Local\Temp\kxldrpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DE43202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E774D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DE457F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DE45848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DE4595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DE45746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DE45898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DE4579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DE4590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DE43226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E774E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DE42FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DE4324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DE45D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DE43CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DE45820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DE45870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DE45988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DE45772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DE458D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DE457C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DE45936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E774ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DE43BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DE4326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DE43292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DE4304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DE43186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DE43162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DE431AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DE432B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E78A398]
Code 95DFFBFC ZwTraceEvent
Code 95DFFBFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C3E349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C77D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C7ED80 4 Bytes [02, 32, E4, 8D] {ADD DH, [EDX]; IN AL, 0x8d}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C7EDA8 4 Bytes [8C, 4D, 77, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C7EE5C 2 Bytes [F0, 57]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AA 82C7EE5F 5 Bytes [8D, 48, 58, E4, 8D] {LEA ECX, [EAX+0x58]; IN AL, 0x8d}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C7EE68 4 Bytes [5E, 59, E4, 8D] {POP ESI; POP ECX; IN AL, 0x8d}
.text ...
.text ntkrnlpa.exe!NtTraceEvent 82CC765A 5 Bytes JMP 95DFFC00
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E0BBE8 5 Bytes JMP 8E785D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E241B8 5 Bytes JMP 8E78780A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E392FF 4 Bytes CALL 8DE4434B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82E3E96D 5 Bytes JMP 95DFFD40
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82E52FB1 5 Bytes JMP 95DFFDE0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E530D1 4 Bytes CALL 8DE44361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestPort + 2 82E814DF 5 Bytes JMP 95DFFCA0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EDCF10 7 Bytes JMP 8E78A39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text user32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes [E9, 0A, 5C, 67, 8A] {JMP 0xffffffff8a675c0f}
.text user32.dll!UnhookWinEvent 75C7B750 5 Bytes [E9, A7, 4C, 67, 8A] {JMP 0xffffffff8a674cac}
.text user32.dll!SetWindowsHookExW 75C7E30C 5 Bytes [E9, F3, 24, 67, 8A] {JMP 0xffffffff8a6724f8}
.text user32.dll!SetWinEventHook 75C824DC 5 Bytes [E9, 17, DD, 66, 8A] {JMP 0xffffffff8a66dd1c}
.text user32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes [E9, EF, 98, 64, 8A] {JMP 0xffffffff8a6498f4}
.text kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001503FC
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001501F8
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00300A08
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003003FC
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00300804
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003001F8
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00300600
.text D:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text
D:\Windows\system32\wininit.exe[488] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000303FC .text D:\Windows\system32\wininit.exe[488] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000301F8 .text D:\Windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\wininit.exe[488] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00050A08 .text D:\Windows\system32\wininit.exe[488] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000503FC .text D:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00050804 .text D:\Windows\system32\wininit.exe[488] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000501F8 .text D:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00050600 .text D:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[504] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\svchost.exe[504] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[504] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00420A08 .text D:\Windows\system32\svchost.exe[504] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 004203FC .text D:\Windows\system32\svchost.exe[504] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00420804 .text D:\Windows\system32\svchost.exe[504] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 004201F8 .text D:\Windows\system32\svchost.exe[504] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00420600 .text D:\Windows\system32\services.exe[540] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\services.exe[540] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\services.exe[540] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text 
D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\lsass.exe[560] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00100A08 .text D:\Windows\system32\lsass.exe[560] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001003FC .text D:\Windows\system32\lsass.exe[560] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00100804 .text D:\Windows\system32\lsass.exe[560] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001001F8 .text D:\Windows\system32\lsass.exe[560] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00100600 .text D:\Windows\system32\lsm.exe[568] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\lsm.exe[568] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\lsm.exe[568] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000303FC .text D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000301F8 .text D:\Windows\system32\winlogon.exe[624] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 000C0A08 .text D:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000C03FC .text D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 000C0804 .text D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000C01F8 .text D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 000C0600 .text D:\Windows\system32\svchost.exe[716] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\svchost.exe[716] 
ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[716] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\nvvsvc.exe[788] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Windows\system32\nvvsvc.exe[788] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Windows\system32\nvvsvc.exe[788] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08 .text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC .text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804 .text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8 .text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600 .text D:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC .text D:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8 .text D:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00510A08 .text D:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 005103FC .text D:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00510804 .text D:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 005101F8 .text D:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 75CA6D0C 5 
Bytes JMP 00510600 .text D:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00370A08 .text D:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003703FC .text D:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00370804 .text D:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003701F8 .text D:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00370600 .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001703FC .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001701F8 .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00300A08 .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003003FC .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00300804 .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003001F8 .text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00300600 .text D:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text 
D:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00B10A08 .text D:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 00B103FC .text D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00B10804 .text D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 00B101F8 .text D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00B10600 .text D:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001E0A08 .text D:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001E03FC .text D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001E0804 .text D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001E01F8 .text D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001E0600 .text D:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 000F0A08 .text D:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000F03FC 
.text D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 000F0804 .text D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000F01F8 .text D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 000F0600 .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000903FC .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000901F8 .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00140A08 .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001403FC .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00140804 .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001401F8 .text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00140600 .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08 .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804 .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] 
USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8 .text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600 .text D:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Windows\system32\nvvsvc.exe[1296] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08 .text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC .text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804 .text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8 .text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600 .text D:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00990A08 .text D:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 009903FC .text D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00990804 .text D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 009901F8 .text 
D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00990600 .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 75A1F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\System32\spoolsv.exe[1916] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\System32\spoolsv.exe[1916] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\System32\spoolsv.exe[1916] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00190A08 .text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001903FC .text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00190804 .text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001901F8 .text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00190600 .text D:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\svchost.exe[1944] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\svchost.exe[1944] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 000E0A08 .text D:\Windows\system32\svchost.exe[1944] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000E03FC .text D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 000E0804 .text D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000E01F8 .text D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 000E0600 .text 
D:\Windows\system32\Dwm.exe[2192] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC .text D:\Windows\system32\Dwm.exe[2192] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8 .text D:\Windows\system32\Dwm.exe[2192] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\Dwm.exe[2192] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00080A08 .text D:\Windows\system32\Dwm.exe[2192] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000803FC .text D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00080804 .text D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000801F8 .text D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00080600 .text D:\Windows\Explorer.EXE[2216] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC .text D:\Windows\Explorer.EXE[2216] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8 .text D:\Windows\Explorer.EXE[2216] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\Explorer.EXE[2216] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00150A08 .text D:\Windows\Explorer.EXE[2216] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001503FC .text D:\Windows\Explorer.EXE[2216] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00150804 .text D:\Windows\Explorer.EXE[2216] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001501F8 .text D:\Windows\Explorer.EXE[2216] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00150600 .text D:\Windows\system32\taskhost.exe[2268] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000503FC .text D:\Windows\system32\taskhost.exe[2268] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000501F8 .text D:\Windows\system32\taskhost.exe[2268] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Windows\system32\taskhost.exe[2268] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00120A08 .text D:\Windows\system32\taskhost.exe[2268] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 
001203FC .text D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00120804 .text D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001201F8 .text D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00120600 .text D:\Windows\system32\AUDIODG.EXE[2516] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00200A08 .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002003FC .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00200804 .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002001F8 .text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00200600 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00300A08 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003003FC .text D:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2800] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00300804 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003001F8 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00300600 .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00250A08 .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002503FC .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00250804 .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002501F8 .text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00250600 .text D:\Program Files\AVAST Software\Avast\AvastUI.exe[2900] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001703FC .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001701F8 .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00210A08 .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!UnhookWinEvent 
75C7B750 5 Bytes JMP 002103FC .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00210804 .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002101F8 .text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00210600 .text D:\Program Files\NetMeter\NetMeter.exe[2924] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC .text D:\Program Files\NetMeter\NetMeter.exe[2924] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8 .text D:\Program Files\NetMeter\NetMeter.exe[2924] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00200A08 .text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002003FC .text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00200804 .text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002001F8 .text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00200600 .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8 .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62] .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00130A08 .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001303FC .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00130804 .text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] 
USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001301F8
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00130600
.text D:\Program Files\Launchy\Launchy.exe[3120] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001703FC
.text D:\Program Files\Launchy\Launchy.exe[3120] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001701F8
.text D:\Program Files\Launchy\Launchy.exe[3120] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00230A08
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002303FC
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00230804
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002301F8
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00230600
.text D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\SearchIndexer.exe[3212] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00100A08
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001003FC
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00100804
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001001F8
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00100600
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00090A08
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000903FC
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00090804
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000901F8
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00090600
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 002F0A08
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002F03FC
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 002F0804
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002F01F8
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 002F0600
.text D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC
.text D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8
.text D:\Windows\System32\svchost.exe[3860] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 003A0A08
.text D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003A03FC
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 003A0804
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003A01F8
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 003A0600

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
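The user-mode hook listing above is easier to judge mechanically than by eye. The following is an added example, not part of the original post and not GMER's own code: it parses GMER's `.text` entries, groups the hooks per process, derives the hook set shared by the majority of processes and reports any process whose set deviates. As sample input it embeds the SearchIndexer.exe and svchost.exe blocks copied from the log above plus one constructed process (`suspect.exe`, hypothetical, not in the log) so that a deviation is actually reported.

```python
"""Triage of GMER user-mode hook entries (added example, not from the thread).

Groups inline hooks by process, finds the hook set that most processes share
(what a product that hooks system-wide produces) and flags processes whose
set differs: extra hooks, or missing ones."""
import re
from collections import Counter

# Excerpt copied from the posted GMER log (two of the listed processes).
GMER_EXCERPT = r"""
.text D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\SearchIndexer.exe[3212] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00100A08
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001003FC
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00100804
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001001F8
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00100600
.text D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC
.text D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8
.text D:\Windows\System32\svchost.exe[3860] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 003A0A08
.text D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003A03FC
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 003A0804
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003A01F8
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 003A0600
"""

# Constructed test input, NOT from the posted log: a hypothetical process that
# carries only two of the common hooks plus one on a networking API.
CONSTRUCTED_OUTLIER = r"""
.text D:\Example\suspect.exe[9999] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Example\suspect.exe[9999] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Example\suspect.exe[9999] WS2_32.dll!send 76A1A000 5 Bytes JMP 00200100
"""

# .text <process path>[<pid>] <module>!<symbol>[ + <offset>] <address> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[\w.]+)!(?P<sym>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)


def parse_hooks(text):
    """Parse every `.text` hook line into a dict; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        # GMER prints USER32.dll and user32.dll for the same module; normalise.
        d["target"] = f"{d['mod'].lower()}!{d['sym']}" + (f"+{d['off']}" if d["off"] else "")
        d["kind"] = "JMP" if d["patch"].startswith("JMP") else "bytes"
        hooks.append(d)
    return hooks


def hook_sets(hooks):
    """{(process path, pid): set of (target, kind, hooked address)}.
    The JMP destination is deliberately left out: it is a per-process
    trampoline allocation and differs in every process even for one product."""
    by_proc = {}
    for h in hooks:
        by_proc.setdefault((h["proc"], h["pid"]), set()).add((h["target"], h["kind"], h["addr"]))
    return by_proc


def baseline(by_proc):
    """Hooks present in more than half of the processes: the system-wide set."""
    counts = Counter()
    for s in by_proc.values():
        counts.update(s)
    return frozenset(e for e, c in counts.items() if c > len(by_proc) / 2)


def find_outliers(by_proc):
    """Processes whose hook set differs from the baseline, with the difference."""
    base = baseline(by_proc)
    report = {}
    for key, s in sorted(by_proc.items()):
        extra, missing = s - base, base - s
        if extra or missing:
            report[key] = {"extra": sorted(e[0] for e in extra),
                           "missing": sorted(e[0] for e in missing)}
    return report


def triage(text):
    by_proc = hook_sets(parse_hooks(text))
    return baseline(by_proc), find_outliers(by_proc)


if __name__ == "__main__":
    base, outliers = triage(GMER_EXCERPT + CONSTRUCTED_OUTLIER)
    print(f"{len(base)} hooks shared by the majority of processes:")
    for target, kind, addr in sorted(base):
        print(f"  {target:<36} at {addr} ({kind})")
    for (proc, pid), diff in outliers.items():
        print(f"deviates: {proc}[{pid}] extra={diff['extra']} missing={diff['missing']}")
```

In the posted log every process carries the same eight hooks (LdrLoadDll, LdrUnloadDll, a one-byte patch in GetBinaryTypeW and the five USER32 hook APIs) at identical addresses inside the system DLLs, with only the JMP destination differing per process. That uniformity is what a product that hooks system-wide produces (the process list shows avast! and Sandboxie running), not what a selectively injected implant looks like; the script only narrows the question, and attribution still requires identifying the module that owns the JMP destination in one of the processes.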
17.09.2011, 04:48 | #2 |
/// Helper Team | Hi...
Is it the same PC for which you already opened a thread? -> http://www.trojaner-board.de/103448-...tml#post702414 Regards, kira
18.09.2011, 12:07 | #3 |
Hi Kira,
Yes, it is the same PC, but it is only one thread, isn't it? Your link leads to this very thread. So I only created one. Today I solved the problem by restarting my router. Everything works normally again. SuperAntiSpyware found nothing (apart from tracking cookies). Thanks for the help anyway. Regards
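A "Server not found" error that hits one site only while everything else loads is a name-resolution failure, and a router restart fixing it fits that: on a home network the router is usually the configured DNS server. What a malware helper would still want ruled out is a local redirection of the name. The following is an added example, not from the thread and not the poster's script: two offline checks (a hosts-file override for the name, and an answer pointing at a non-public address) run on a constructed hosts file, and, when run directly, a live lookup through the configured resolver. `SystemRoot` is read from the environment because on the poster's machine it is D:\Windows, not C:\Windows.

```python
"""Name-resolution triage for "Server not found" on a single site (added
example, not part of the thread). Offline checks on constructed input; the
__main__ block additionally does a live lookup via the configured resolver."""
import ipaddress
import os
import socket
import sys

# Constructed sample of a Windows hosts file; NOT the poster's file. The
# youtube.com line is a deliberate demonstration entry (198.51.100.0/24 is a
# documentation range, so the answer is also caught by suspicious_answers).
SAMPLE_HOSTS = """
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
# constructed redirection entry for demonstration only
198.51.100.7    youtube.com www.youtube.com   # pinned
"""


def hosts_overrides(hosts_text, names):
    """Return {name: ip} for every name in `names` pinned in a hosts file.
    A public site should never appear here; an entry for it bypasses DNS
    entirely, which is exactly how a single site can 'disappear'."""
    wanted = {n.lower() for n in names}
    found = {}
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip, *hostnames = line.split()
        for h in hostnames:
            if h.lower() in wanted:
                found[h.lower()] = ip
    return found


def suspicious_answers(ips):
    """Subset of `ips` a public web site should never resolve to: loopback,
    private, link-local, reserved or documentation ranges, or junk. Such an
    answer means the name is redirected or sinkholed between the PC and the
    real DNS (hosts file, router, or a changed DNS server setting)."""
    bad = []
    for s in ips:
        try:
            if not ipaddress.ip_address(s).is_global:
                bad.append(s)
        except ValueError:
            bad.append(s)
    return bad


def resolve(name):
    """Resolve through the system's configured DNS server; None on failure.
    A failure here while other names resolve is the 'Server not found' case."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except socket.gaierror:
        return None


def hosts_path():
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "youtube.com"
    try:
        with open(hosts_path(), encoding="utf-8", errors="replace") as f:
            text = f.read()
    except OSError:
        text = ""
    for h, ip in hosts_overrides(text, [name, "www." + name]).items():
        print(f"hosts file pins {h} -> {ip}: remove it unless you put it there")
    answer = resolve(name)
    if answer is None:
        print(f"{name}: lookup failed; compare the router's DNS against a public "
              f"resolver (nslookup {name} <resolver>) before restarting the router")
    else:
        print(f"{name} -> {', '.join(answer)}")
        for ip in suspicious_answers(answer):
            print(f"  {ip} is not a public address: the name is being redirected")
```

Two caveats for the live part: YouTube answers legitimately differ between resolvers (CDN, location), so a mere difference between the router's answer and a public resolver's proves nothing, while a failure from one and success from the other, or an answer in a non-public range, does point at the resolver or the hosts file. And if the router was the problem, its DNS settings are worth checking after the restart; a restart clears a wedged forwarder but not a changed configuration.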
18.09.2011, 12:47 | #4 | |
/// Helper Team |
@OT: A restart often works wonders. Glad your issue is solved.
No support via PM!
19.09.2011, 16:37 | #5 |
/// Helper Team | It happens. I hope this really has solved your problem. All the best!
Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can!